Our company is using OOB provisioning via SCCM to enable remote power management at our remote and local sites. SCCM has been configured to provision new computers and has been working fine until recently. We are using lenovo machines and I have found the most recent computers that we have been receiving for some reason have not been auto provisioning as required. We have been running with the same model of computer(5205), so nothing has changed there, latest drivers, have tested un-configuring one of the older computers and that auto reconfigured ok. I have tested configuring other model computers and they work fine. So i dont think its a issue with SCCM Infrastructure. We are using Go Daddy certificates.

When ME bios is unconfigured I cannot telnet to the host name via either 16992 and 16993 port. If i go into the bios and manually configure it i can then telnet to port 16992 and i can web browse remotely to the AMT device. I have tried disabling AMT and re-enable several times, and resetting AMT all with no luck.

I have tried ZTClocalagent -activate and get these errors at the bottom of the log which I think is a good clue but dont know how or what to do from here? Im hoping someone here can help? I have over 200 computers that need configuring at over 200 sites, and obviously would need to rely on remote configuration.

Provisioning TLS Mode:NOT READY

Failed performing Start Configuration command:PT_STATUS_INVALID_PT_MODE: Command is not permitted in current operating mode.

Hi gfuestonx - I have tried various different things in an attempt to get it working on a test computer. Using default password, setting a password that is configured in SCCM, resetting everything back to default, none of it works. Other model computers dont have a issue with provisioning straight after imaging has taken place... The previous batch of computers from Lenovo with the same model didnt have a issue with this either. Im wondering if it could be hardware related..

Basically ran ZTCLocalAgent.exe -activate and found that Zero Touch Configuration was set to disabled by default for these computers and setup and configuration was set to not completed. After much more research through the Intel SDK found that a setting in the ME bios was incorrect. Changed the TLS PKI Remote COnfiguration to Enabled. Then logged back into the computer and ran the ZTCLocalAgent.exe -activate which had changed the Zero Touch COnfiguration to enabled, and changed provisioning TLS mode to PKI. SCCM then configured oob for this computer instantly!!

Im glad that its fixed, however this is hardly Zero Touch Configuration and now i have to work out how to deploy this bios change remotely to over 200 sites. Cant believe that this setting would be set to disabled in the bios but its caused a massive headache for me.